auth: do not strip query parameters in forward auth (#2216)

internal/urlutil/url.go

@@ -110,18 +110,3 @@ func GetDomainsForURL(u url.URL) []string {
 func IsTCP(u *url.URL) bool {
 	return u.Scheme == "tcp+http" || u.Scheme == "tcp+https"
 }
-
-// ParseEnvoyQueryParams returns a new URL with queryparams parsed from envoy format.
-func ParseEnvoyQueryParams(u *url.URL) *url.URL {
-	nu := &url.URL{
-		Scheme: u.Scheme,
-		Host:   u.Host,
-		Path:   u.Path,
-	}
-
-	path := u.Path
-	if idx := strings.Index(path, "?"); idx != -1 {
-		nu.Path, nu.RawQuery = path[:idx], path[idx+1:]
-	}
-	return nu
-}

internal/urlutil/url_test.go

@@ -157,22 +157,3 @@ func TestGetDomainsForURL(t *testing.T) {
 		})
 	}
 }
-
-func TestParseEnvoyQueryParams(t *testing.T) {
-	tests := []struct {
-		name string
-		u    *url.URL
-		want *url.URL
-	}{
-		{"empty", &url.URL{}, &url.URL{}},
-		{"basic example", &url.URL{Host: "pomerium.io", Path: "/?uri=https://pomerium.com/"}, &url.URL{Host: "pomerium.io", Path: "/", RawQuery: "uri=https://pomerium.com/"}},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := ParseEnvoyQueryParams(tt.u)
-			if diff := cmp.Diff(got, tt.want); diff != "" {
-				t.Errorf("ParseEnvoyQueryParams() = %v", diff)
-			}
-		})
-	}
-}

proxy/forward_auth.go

@@ -58,10 +58,6 @@ func (p *Proxy) nginxPostCallbackRedirect(w http.ResponseWriter, r *http.Request
 	if err != nil {
 		return httputil.NewError(http.StatusBadRequest, err)
 	}
-	u = urlutil.ParseEnvoyQueryParams(u)
-	q := u.Query()
-	q.Del(urlutil.QueryForwardAuthURI)
-	u.RawQuery = q.Encode()
 	httputil.Redirect(w, r, u.String(), http.StatusFound)
 	return nil
 }